PerlMonks
Re: Re: Re: Using MD5 and the theory behind it
by rpc (Monk) on Jan 11, 2001 at 04:11 UTC (#51027=note)
Your method is not 'totally secure' because you have to store the
nonce in a database. If you generate a SID from an MD5 digest based on
user authentication information, this hash does not have to be stored.
It can be generated when the cookie is inspected. Also, if you run a large site with millions of users, your source of entropy can be depleted quickly, negating any security you would have gained.
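
The stateless session ID described in the post above, as an added example that is not part of the original post: the server recomputes the digest when the cookie is inspected, so nothing is stored in a database. It uses HMAC-SHA256 with a server-side secret in place of a bare MD5 digest; the function names, the `user:expires:mac` cookie layout and the secret are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed placeholder; in practice load a long random key from protected config.
my $SERVER_SECRET = 'example-server-secret-not-for-production';

# Build the cookie value: the fields in the clear plus a MAC over them.
sub make_sid {
    my ($user, $expires) = @_;
    die "user name must not contain ':'\n" if $user =~ /:/;
    my $payload = join ':', $user, $expires;
    return join ':', $payload, hmac_sha256_hex($payload, $SERVER_SECRET);
}

# Recompute the MAC when the cookie is inspected; no database lookup is needed.
sub check_sid {
    my ($cookie, $now) = @_;
    my ($user, $expires, $mac) = split /:/, $cookie, 3;
    return unless defined($mac) && $expires =~ /\A\d+\z/;
    my $expected = hmac_sha256_hex("$user:$expires", $SERVER_SECRET);
    return unless constant_time_eq($mac, $expected);
    return if $expires < $now;    # MAC is valid but the session has expired
    return $user;
}

# Compare two strings without stopping at the first differing character.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

my $now    = 979186260;                      # constructed timestamp
my $cookie = make_sid('alice', $now + 3600);
(my $forged = $cookie) =~ s/^alice/admin/;   # user field altered, MAC left unchanged

printf "genuine: %s\n", check_sid($cookie, $now) // 'rejected';
printf "forged:  %s\n", check_sid($forged, $now) // 'rejected';
printf "expired: %s\n", check_sid($cookie, $now + 7200) // 'rejected';
```

Because nothing is stored server-side, a token cannot be revoked individually and stays valid until its expiry field passes.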